# ops

Single source of operational truth: everything here must be understandable, rebuildable, and revocable.

## Non-negotiables

- **Authority boundary:** critical actions originate from `op-core-vm`.
- **No plaintext secrets in Git:** `vault/` contains encrypted artifacts only; `20-identity/keys/public/` holds public keys only.
- **Naming is reality:** everything is named `--`.
- **Nuke test:** if losing it would cause panic, reduce its scope or remove it.

## Read first

- `00-doctrine/operator-charter.md`
- `00-doctrine/personal-operating-doctrine.md`

## Layout

- `00-doctrine/` – the law (stable, rarely changed)
- `10-inventory/` – what exists (hosts, networks, services)
- `20-identity/` – roles, policies, leases, public keys
- `30-infra/` – infrastructure as code + config management
- `40-apps/` – application-specific ops (deploy, config, lifecycle)
- `50-runbooks/` – executable procedures (panic day, provision, incident, decom)
- `60-backups/` – backup manifests + restore proofs
- `70-audits/` – checklists + reports
- `80-automation/` – scripts and containers that make the above repeatable
- `90-scratch/` – disposable working area (not source of truth)
- `vault/` – encrypted-only artifacts (safe to leak as long as the decryption keys are not)

## What does not belong here

Meaning-bearing material (books, media, personal archives) stays in cold storage, not in `ops/`.
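A concrete check for the "No plaintext secrets in Git" rule, as an added example that is not part of this repo's own automation. It assumes nothing about which encryption tool `vault/` uses (so it is a negative check: it flags recognizable plaintext secret material rather than proving a file is encrypted), assumes `20-identity/keys/public/` holds OpenSSH one-line or PEM public keys, and builds a constructed fixture tree with fake contents for testing; the script name and fixture file names are illustrative.

```shell
#!/usr/bin/env sh
# Added example, not code from the ops repo: a pre-commit style check for the
# "No plaintext secrets in Git" rule. Assumptions not stated in the README:
#   - vault/ may use any encryption tool, so the check is negative: it flags
#     recognizable plaintext secret material rather than proving encryption.
#   - 20-identity/keys/public/ holds OpenSSH one-line or PEM public keys only.

# 0 if $1 looks like a public key (OpenSSH or PEM), 1 otherwise.
is_public_key() {
  grep -Eq '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) ' "$1" \
    || grep -Eq '^-----BEGIN (RSA )?PUBLIC KEY-----' "$1"
}

# 0 if $1 contains markers of plaintext secret material, 1 otherwise:
# PEM/OpenSSH/PGP private key headers, AWS access key IDs, age secret keys.
has_plaintext_secret() {
  grep -Eq -e 'PRIVATE KEY( BLOCK)?-----' \
           -e '^AKIA[0-9A-Z]{16}' \
           -e 'AGE-SECRET-KEY-1[0-9A-Z]+' "$1"
}

# Print one line per violation under the ops root $1; return 1 if any, 0 if clean.
check_repo() {
  root="$1"
  violations=$(
    find "$root/vault" -type f 2>/dev/null | while IFS= read -r f; do
      has_plaintext_secret "$f" && echo "vault/: plaintext secret material in $f"
    done || true
    find "$root/20-identity/keys/public" -type f 2>/dev/null | while IFS= read -r f; do
      is_public_key "$f" || echo "keys/public/: not a public key: $f"
      has_plaintext_secret "$f" && echo "keys/public/: private key material in $f"
    done || true
  )
  [ -z "$violations" ] && return 0
  printf '%s\n' "$violations"
  return 1
}

# Build a throwaway ops tree with constructed fake contents (no real key material).
# $1 = directory to create; $2 = "clean" or "dirty".
make_fixture() {
  d="$1"
  mkdir -p "$d/vault" "$d/20-identity/keys/public"
  # Stand-in for an encrypted artifact: an age-style header with made-up body.
  printf 'age-encryption.org/v1\n-> X25519 Q0FTRGVtbw==\n--- bG9va3NsaWtlY2lwaGVydGV4dA==\n' \
    > "$d/vault/db-password.age"
  # Fake OpenSSH public key line (not a valid key, shape only).
  printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyMaterialForTestsOnly0000000000000 op-core-vm\n' \
    > "$d/20-identity/keys/public/op-core-vm.pub"
  if [ "$2" = dirty ]; then
    # Two violations: a private key dropped into vault/, a non-key file in keys/public/.
    printf -- '-----BEGIN OPENSSH PRIVATE KEY-----\nnotreallyakey\n-----END OPENSSH PRIVATE KEY-----\n' \
      > "$d/vault/leaked.key"
    printf 'password: hunter2\n' > "$d/20-identity/keys/public/notes.txt"
  fi
}

# Usage: sh check-no-plaintext-secrets.sh /path/to/ops   (script name is illustrative)
if [ -n "${1:-}" ]; then check_repo "$1"; fi
```

Wire `check_repo` into a pre-commit hook or CI job with the repo root as argument; a non-zero exit blocks the commit. Because the check only recognizes known plaintext markers, it cannot prove a `vault/` file is actually encrypted; once the repo settles on one tool, a positive allowlist (for example, requiring sops metadata or an age header in every `vault/` file) is the stricter rule.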